Analysis
max time kernel: 148s
max time network: 150s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20250307-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20250307-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 13/04/2025, 01:00
Behavioral task: behavioral1
Sample: 6ff23721d3b6c6677de0ee75d7d8c65baae779ebf87e090e1fd031f0bf02ea6e.elf
Resource: ubuntu2204-amd64-20250307-en
General
Target: 6ff23721d3b6c6677de0ee75d7d8c65baae779ebf87e090e1fd031f0bf02ea6e.elf
Size: 54KB
MD5: 014a0d28c6684fa6486fc344c246f69c
SHA1: 611a1dcfd5a6dcf5bc4d433c91dc912f19885e9d
SHA256: 6ff23721d3b6c6677de0ee75d7d8c65baae779ebf87e090e1fd031f0bf02ea6e
SHA512: 36a71bf3a1bae29b02da543c7a3b9c6be02149e4ee6e0bcf7267abfcb8bb46e1e89ebc5becc5b3e92c749620e6e11df2a66c0cad76b42d1b7e26874d65c7a0df
SSDEEP: 1536:7Mxtjx62+Ypjj+FFDLB/Ek8jOhC8jTXjUvzIkPR0:7AxF+YpjEFHBcHOn47IEq
Malware Config

Signatures

Contacts a large number (4728) of remote hosts [1 TTP]
  This may indicate a network scan to discover remotely running services.

Deletes itself [1 IoC]
  pid: 1572

Modifies Watchdog functionality [1 TTP, 2 IoCs]
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
  description: File opened for modification; ioc: /dev/watchdog
  description: File opened for modification; ioc: /dev/misc/watchdog

Creates a large amount of network flows [1 TTP]
  This may indicate a network scan to discover remotely running services.

Enumerates active TCP sockets [1 TTP, 1 IoC]
  Gets active TCP sockets from the /proc virtual filesystem.
  description: File opened for reading; ioc: /proc/net/tcp

Changes its process name [1 IoC]
  description: Changes the process name, possibly in an attempt to hide itself; pid: 1572

Reads system network configuration [1 TTP, 1 IoC]
  Uses contents of the /proc filesystem to enumerate network settings.
  description: File opened for reading; ioc: /proc/net/tcp